Search in ISMS Guides

Enter your search termsSubmit search form

Web

isms-guide.blogspot.com

Thursday, August 16, 2007

Practical Threat Analysis of Complex Software

Abstract

This paper describes Practical Threat Analysis(PTA); a structured methodology implemented in a Windows application freeware that helps analysts and developers to assess system risks and build an most effective risk reduction program for their complex software system.

Software appears simple but imbued with power to the casual observer. For the programmers, the code becomes obscure when viewed later and tests of correctness can be quite difficult to perform. With the steep rise in reported data breaches in recent years it is becoming apparent that basic software flaws are at the root of system vulnerabilities that enabled exploitation by hackers and trusted insiders.

PTA helps the security, application development and deployment teams identify and prioritize remediation of flaws in a cost-effective manner.

1 comment:

I would like to inform you that on September 2007 we released an updated version of PTA Professional Edition (1.54 - build 1201) with major usability improvements.

PTA – Practical Threat Analysis - is a quantitative method and a software tool that enables you to model the security perimeter of you business, identify threats on an asset-by-asset basis and evaluate the overall risk to the system. The risk level, potential damage and countermeasures required are all presented in real financial values. PTA calculates the level of risk and the available mitigation. It advises on the most cost-effective way to mitigate threats and reduce the risk.

PTA is free-of-charge for students, researchers, software developers and independent security consultants. You are invited to review the latest version's new features and download a free copy of the software from our site:

http://www.ptatechnologies.com

PTA fully supports the PCI DSS 1.1 standard as well as the ISO27001 and other popular standards. Download a free copy of PTA for PCI DSS and the ISO 27001 security libraries from the following url:

http://www.ptatechnologies.com/?action=documents

I'll be happy to have your comments and answer your questions on any issue.